refactor(backups): simplify backups module

2026-04-19 17:50:53 +02:00
parent dd31da5a8f
commit b62f3c20ac
3 changed files with 22 additions and 24 deletions
--- a/hosts/andromache/default.nix
+++ b/hosts/andromache/default.nix
@@ -57,6 +57,7 @@ in

  secrets.nixSigningKey.enable = true;

+  restic-backup.enable = true;
  tailscale.enable = true;

  docker.enable = true;
--- a/hosts/astyanax/default.nix
+++ b/hosts/astyanax/default.nix
@@ -53,6 +53,7 @@ in

  secrets.nixSigningKey.enable = true;

+  restic-backup.enable = true;
  tailscale.enable = true;
  docker.enable = true;
  nfc.enable = true;
--- a/modules/backups/default.nix
+++ b/modules/backups/default.nix
@@ -8,38 +8,35 @@
 let
  cfg = config.restic-backup;
  inherit (config.secrets) sopsDir;
+  mkSopsSecrets = myUtils.mkSopsSecrets sopsDir;
+  host = config.networking.hostName;
 in
 {
-  options = {
-    restic-backup = {
-      repository = lib.mkOption {
-        type = lib.types.str;
-        default = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${config.networking.hostName}";
-      };
+  options.restic-backup = {
+    enable = lib.mkEnableOption "restic backups";

-      passwordFile = lib.mkOption {
-        type = lib.types.str;
-        default = config.sops.secrets."restic/password".path;
-      };
+    passwordFile = lib.mkOption {
+      type = lib.types.str;
+      default = config.sops.secrets."restic/password".path;
+    };

-      paths = lib.mkOption {
-        type = lib.types.listOf lib.types.str;
-        default = [ "/home" ];
-      };
+    paths = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ "/home" ];
    };
  };

-  config = {
+  config = lib.mkIf cfg.enable {
    sops = {
      secrets = lib.mkMerge [
-        (myUtils.mkSopsSecrets sopsDir "restic" [ "password" ] { })
-        (myUtils.mkSopsSecrets sopsDir "backblaze-b2" [ "bucket-name" "account-id" "account-key" ] { })
+        (mkSopsSecrets "restic" [ "password" ] { })
+        (mkSopsSecrets "backblaze-b2" [ "bucket-name" "account-id" "account-key" ] { })
      ];
      templates = {
-        "restic/repo-${config.networking.hostName}" = {
-          content = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${config.networking.hostName}";
+        "restic/repo-${host}" = {
+          content = "b2:${config.sops.placeholder."backblaze-b2/bucket-name"}:${host}";
        };
-        "restic/b2-env-${config.networking.hostName}" = {
+        "restic/b2-env-${host}" = {
          content = ''
            B2_ACCOUNT_ID=${config.sops.placeholder."backblaze-b2/account-id"}
            B2_ACCOUNT_KEY=${config.sops.placeholder."backblaze-b2/account-key"}
@@ -49,9 +46,8 @@ in
    };

    services.restic.backups.home = {
-      repositoryFile = config.sops.templates."restic/repo-${config.networking.hostName}".path;
-      inherit (cfg) passwordFile;
-      inherit (cfg) paths;
+      repositoryFile = config.sops.templates."restic/repo-${host}".path;
+      inherit (cfg) passwordFile paths;
      timerConfig = {
        OnCalendar = "daily";
        Persistent = true;
@@ -64,7 +60,7 @@ in
        "--keep-monthly 6"
        "--keep-yearly 1"
      ];
-      environmentFile = config.sops.templates."restic/b2-env-${config.networking.hostName}".path;
+      environmentFile = config.sops.templates."restic/b2-env-${host}".path;
    };
  };
 }